<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
    
<?php 
$layout = explode('&&&', file_get_contents('layout.html'));
echo $layout[0];

session_start();
if (!(isset($_SESSION['username'])))
	header("location:login.php");
	
$id=$_GET['id'];
?>

<html>
<head>
</head>
<style type="text/css">
<!--
.style1 {color: #FF0000}
-->
</style>
<body>

<!-- Begin Main Column -->

<div id="mainContent">
	
  <h2>Find <?php if($id==1){echo " & Edit ";}elseif($id==2){echo " & Delete ";}?>Presenter</h2>
      
        <p></p>Find Presenter
        <form id="form2" method="post" action="">
          <table width="200" border="0">
            <tr>
              <td>First Name:</td>
              <td><label>
                <input type="text" name="first_name_presenter" id="first_name_presenter" />
              </label></td>
            </tr>
            <tr>
              <td>Last Name:</td>
              <td><label>
                <input type="text" name="last_name_presenter" id="last_name_presenter" />
              </label></td>
            </tr>
          </table>
          <p>
            <label>
            <input type="submit" name="presenter_search" id="presenter_search" value="Search" class="button" />
            </label>
          </p>
        </form>

<!-- Begin Side Column -->
<!-- Begin Footer -->

<?php
	 	if($_POST) {
			ob_start();
			$host="localhost"; // Host name
			$username="root"; // Mysql username
			$password=""; // Mysql password
			$db_name="rtl"; // Database name
			
			// Connect to server and select databse.
			mysql_connect("$host", "$username", "$password")or die("cannot connect");
			mysql_select_db("$db_name")or die("cannot select DB");
			
			$first_name_presenter=$_POST['first_name_presenter'];
			$last_name_presenter=$_POST['last_name_presenter'];
			
			$action=$_GET['id'];
			
			// To protect MySQL injection (more detail about MySQL injection)
			$first_name_presenter = stripslashes($first_name_presenter);
			$last_name_presenter = stripslashes($last_name_presenter);

			$first_name_presenter = mysql_real_escape_string($first_name_presenter);
			$last_name_presenter = mysql_real_escape_string($last_name_presenter);
			
			
			if($first_name_presenter != "" && $last_name_presenter != "") {
				$first_name_presenter = "%".$first_name_presenter."%";
				$last_name_presenter = "%".$last_name_presenter."%";
				$presenter_by_name = mysql_query("SELECT PRESENTERID, FIRSTNAME, LASTNAME, CITY, ADDRESS, PHONENO FROM PRESENTER WHERE FIRSTNAME LIKE '$first_name_presenter' AND LASTNAME LIKE '$last_name_presenter'");
				echo "<table border='1'>";
  				echo "<tr> <th>First Name</th> <th>Last Name</th> <th>City</th> <th>Address</th> <th>Phone number</th>";
  				//keeps getting the next row until there are no more to get
				while($row = mysql_fetch_array($presenter_by_name))
				{
					// Print out the contents of each row into a table
					$presenter_id=$row['PRESENTERID'];
					echo "<tr><td>";
					if($action==1) {
						echo "<a href=\"EditPresenter.php?pid=$presenter_id\">".$row['FIRSTNAME']."</a>";
					}
					else if($action==2) {
						echo "<a href=\"DeleteEvent.php?id=$presenter_id&action=2\">".$row['FIRSTNAME']."</a>";
					}
					echo "</td><td>";
					echo $row['LASTNAME'];
					echo "</td><td>";
					echo $row['CITY'];
					echo "</td><td>";
					echo $row['ADDRESS'];
					echo "</td><td>";
					echo $row['PHONENO'];
				}
				echo "</table>";
			}
			
			if($first_name_presenter != "" && $last_name_presenter == "") {
				$first_name_presenter = "%".$first_name_presenter."%";
				$presenter_by_name = mysql_query("SELECT PRESENTERID, FIRSTNAME, LASTNAME, CITY, ADDRESS, PHONENO FROM PRESENTER WHERE FIRSTNAME LIKE '$first_name_presenter'");
				echo "<table border='1'>";
  				echo "<tr> <th>First Name</th> <th>Last Name</th> <th>City</th> <th>Address</th> <th>Phone number</th>";
  				//keeps getting the next row until there are no more to get
				while($row = mysql_fetch_array($presenter_by_name))
				{
					// Print out the contents of each row into a table
					$presenter_id=$row['PRESENTERID'];
					echo "<tr><td>";
					if($action==1) {
						echo "<a href=\"EditPresenter.php?pid=$presenter_id\">".$row['FIRSTNAME']."</a>";
					}
					else if($action==2) {
						echo "<a href=\"DeleteEvent.php?id=$presenter_id&action=2\">".$row['FIRSTNAME']."</a>";
					}
					echo "</td><td>";
					echo $row['LASTNAME'];
					echo "</td><td>";
					echo $row['CITY'];
					echo "</td><td>";
					echo $row['ADDRESS'];
					echo "</td><td>";
					echo $row['PHONENO'];
				}
				echo "</table>";
			}
			
			if($first_name_presenter == "" && $last_name_presenter != "") {
				$last_name_presenter = "%".$last_name_presenter."%";
				$presenter_by_name = mysql_query("SELECT PRESENTERID, FIRSTNAME, LASTNAME, CITY, ADDRESS, PHONENO FROM PRESENTER WHERE LASTNAME LIKE '$last_name_presenter'");
				echo "<table border='1'>";
  				echo "<tr> <th>First Name</th> <th>Last Name</th> <th>City</th> <th>Address</th> <th>Phone number</th>";
  				//keeps getting the next row until there are no more to get
				while($row = mysql_fetch_array($presenter_by_name))
				{
					// Print out the contents of each row into a table
					$presenter_id=$row['PRESENTERID'];
					echo "<tr><td>";
					if($action==1) {
						echo "<a href=\"EditPresenter.php?pid=$presenter_id\">".$row['FIRSTNAME']."</a>";
					}
					else if($action==2) {
						echo "<a href=\"DeletePEvent.php?id=$presenter_id&action=2\">".$row['FIRSTNAME']."</a>";
					}
					echo "</td><td>";
					echo $row['LASTNAME'];
					echo "</td><td>";
					echo $row['CITY'];
					echo "</td><td>";
					echo $row['ADDRESS'];
					echo "</td><td>";
					echo $row['PHONENO'];
				}
				echo "</table>";
			}
		}
	?>
    </div>

<?php
echo $layout[1];
?>
</body>
</html>

